Topology:

- Create the respective interfaces in the firewalls:
Firewall-DC

    config system interface
        edit "port1"
            set vdom "root"
            set ip 10.0.1.1 255.255.255.0
            set allowaccess ping
            set type physical
            set alias "Link-01"
            set snmp-index 1
        next
        edit "port2"
            set vdom "root"
            set ip 10.0.2.1 255.255.255.0
            set allowaccess ping
            set type physical
            set alias "Link-02"
            set snmp-index 2
        next
        edit "Loopback01"
            set vdom "root"
            set ip 172.21.254.1 255.255.255.0
            set allowaccess ping
            set type loopback
            set role lan
            set snmp-index 13
        next
    end

Firewall-Branch1

    config system interface
        edit "port1"
            set vdom "root"
            set ip 10.0.1.2 255.255.255.0
            set allowaccess ping
            set type physical
            set alias "Link-01"
            set snmp-index 1
        next
        edit "port2"
            set vdom "root"
            set ip 10.0.2.2 255.255.255.0
            set allowaccess ping
            set type physical
            set alias "Link-02"
            set snmp-index 2
        next
        edit "Loopback01"
            set vdom "root"
            set ip 192.168.1.1 255.255.255.0
            set allowaccess ping
            set type loopback
            set role lan
            set snmp-index 13
        next
    end

Firewall-Branch2

    config system interface
        edit "port1"
            set vdom "root"
            set ip 10.0.1.3 255.255.255.0
            set allowaccess ping
            set type physical
            set alias "Link-01"
            set snmp-index 1
        next
        edit "port2"
            set vdom "root"
            set ip 10.0.2.3 255.255.255.0
            set allowaccess ping
            set type physical
            set alias "Link-02"
            set snmp-index 2
        next
        edit "Loopback01"
            set vdom "root"
            set ip 192.168.2.1 255.255.255.0
            set allowaccess ping
            set type loopback
            set role lan
            set snmp-index 13
        next
    end

- Configure the BGP peers between the links.
Firewall-DC

    config router bgp
        set as 65000
        set router-id 172.21.254.1
        config neighbor
            edit "10.0.1.2"
                set interface "port1"
                set remote-as 65001
            next
            edit "10.0.1.3"
                set interface "port1"
                set remote-as 65002
            next
            edit "10.0.2.2"
                set interface "port2"
                set remote-as 65001
            next
            edit "10.0.2.3"
                set interface "port2"
                set remote-as 65002
            next
        end
    end

Firewall-Branch1

    config router bgp
        set as 65001
        set router-id 192.168.1.1
        config neighbor
            edit "10.0.1.1"
                set remote-as 65000
            next
            edit "10.0.2.1"
                set remote-as 65000
            next
        end
    end

Firewall-Branch2

    config router bgp
        set as 65002
        set router-id 192.168.2.1
        config neighbor
            edit "10.0.1.1"
                set remote-as 65000
            next
            edit "10.0.2.1"
                set remote-as 65000
            next
        end
    end

- Configure the network to be advertised.
Firewall-DC

    config router bgp
        set as 65000
        set router-id 172.21.254.1
        config network
            edit 1
                set prefix 172.21.254.0 255.255.255.0
            next
        end
    end

Firewall-Branch1

    config router bgp
        set as 65001
        set router-id 192.168.1.1
        config network
            edit 1
                set prefix 192.168.1.0 255.255.255.0
            next
        end
    end

Firewall-Branch2

    config router bgp
        set as 65002
        set router-id 192.168.2.1
        config network
            edit 1
                set prefix 192.168.2.0 255.255.255.0
            next
        end
    end

- Configure the route-maps to set the local preference so that link1 is preferred over link2.
Firewall-DC

    config router route-map
        edit "map-in-link01"
            config rule
                edit 1
                    set match-ip-address "prefix-in"
                    set set-local-preference 200
                next
            end
        next
        edit "map-in-link02"
            config rule
                edit 1
                    set match-ip-address "prefix-in"
                    set set-local-preference 100
                next
            end
        next
    end

Both rules match on "prefix-in", an access list or prefix list that must already exist on the firewall; its definition is not shown here.

- Adjust the BGP config to use the route-maps.
Firewall-DC

    config router bgp
        set as 65000
        set router-id 172.21.254.1
        config neighbor
            edit "10.0.1.2"
                set interface "port1"
                set remote-as 65001
                set route-map-in "map-in-link01"    <----------------
            next
            edit "10.0.1.3"
                set interface "port1"
                set remote-as 65002
                set route-map-in "map-in-link01"    <----------------
            next
            edit "10.0.2.2"
                set interface "port2"
                set remote-as 65001
                set route-map-in "map-in-link02"    <----------------
            next
            edit "10.0.2.3"
                set interface "port2"
                set remote-as 65002
                set route-map-in "map-in-link02"    <----------------
            next
        end
    end

- Check the routing table.
    get router info bgp network
    VRF 0 BGP table version is 3, local router ID is 172.21.254.1
    Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, S Stale
    Origin codes: i - IGP, e - EGP, ? - incomplete

       Network          Next Hop  Metric LocPrf Weight RouteTag Path
    *> 172.21.254.0/24  0.0.0.0          100    32768  0        i <-/1>
    *> 192.168.1.0      10.0.1.2  0      200    0      0        65001 i <-/1>
    *                   10.0.2.2  0      100    0      0        65001 i <-/->
    *  192.168.2.0      10.0.2.3  0      100    0      0        65002 i <-/->
    *>                  10.0.1.3  0      200    0      0        65002 i <-/1>

    Total number of prefixes 3

    get router info routing-table bgp
    Routing table for VRF=0
    B       192.168.1.0/24 [20/0] via 10.0.1.2 (recursive is directly connected, port1), 1d19h31m, [1/0]
    B       192.168.2.0/24 [20/0] via 10.0.1.3 (recursive is directly connected, port1), 1d19h31m, [1/0]

- Note that the routes learned over link2 (10.0.2.0/24) have the lower local preference (100), as configured before, and that the routes installed into the routing table use link01.
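The same check can be scripted. The following is an added example, not part of the original article: it parses the BGP table and reports any learned prefix whose best path is not the highest-LocPrf path or does not use the preferred link. The sample table is constructed from the values shown above (its column spacing is an assumption), and the function names are hypothetical.

```python
import re
from ipaddress import ip_address, ip_network

# Constructed sample: values from the output above; column spacing is an assumption.
SAMPLE = """\
   Network          Next Hop  Metric LocPrf Weight RouteTag Path
*> 172.21.254.0/24  0.0.0.0          100    32768  0        i <-/1>
*> 192.168.1.0      10.0.1.2  0      200    0      0        65001 i <-/1>
*                   10.0.2.2  0      100    0      0        65001 i <-/->
*  192.168.2.0      10.0.2.3  0      100    0      0        65002 i <-/->
*>                  10.0.1.3  0      200    0      0        65002 i <-/1>
"""
COLUMNS = ["Network", "Next Hop", "Metric", "LocPrf", "Weight", "RouteTag", "Path"]

def parse_bgp_table(text):
    """Assign each token to the column whose header it overlaps horizontally."""
    spans, routes, network = None, [], None
    for line in text.splitlines():
        if "Next Hop" in line:
            spans = [(c, line.index(c), line.index(c) + len(c)) for c in COLUMNS]
        elif spans and line.startswith("*"):
            row = {"best": line.startswith("*>")}
            for tok in list(re.finditer(r"\S+", line))[1:]:  # skip status codes
                col = next((c for c, lo, hi in spans
                            if tok.start() < hi and tok.end() > lo), "Path")
                row.setdefault(col, tok.group())
            network = row.setdefault("Network", network)  # blank cell: prefix of row above
            routes.append(row)
    return routes

def audit(routes, preferred_link):
    """Return findings for learned prefixes whose best path breaks the policy."""
    findings, by_prefix = [], {}
    for r in routes:
        if r["Next Hop"] != "0.0.0.0":  # skip locally originated prefixes
            by_prefix.setdefault(r["Network"], []).append(r)
    for prefix, paths in by_prefix.items():
        best = [p for p in paths if p["best"]]
        top = max(int(p["LocPrf"]) for p in paths)
        if len(best) != 1:
            findings.append(f"{prefix}: no single best path")
        elif int(best[0]["LocPrf"]) != top:
            findings.append(f"{prefix}: best path is not the highest LocPrf")
        elif ip_address(best[0]["Next Hop"]) not in ip_network(preferred_link):
            findings.append(f"{prefix}: best via {best[0]['Next Hop']}, not {preferred_link}")
    return findings

if __name__ == "__main__":
    print(audit(parse_bgp_table(SAMPLE), "10.0.1.0/24"))
```

An empty list means every learned prefix is using link01 (10.0.1.0/24) because of its higher local preference.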